VeriSign and one of its partners have come under fire for publicly exposing webpages used to process customer security certificates, a practice a competitor claims puts some of the biggest names on the web at risk of serious targeted attacks.
According to Melih Abdulhayoglu, CEO of internet security firm Comodo, publicly …

You're being too paranoid

"But it seems a fair point that they needlessly expose information that would better be kept private."

Like what? You can bet that the number of people who know these email addresses within the various organisations is already fairly large, and that there are other ways of finding the information. Verisign's attitude merely emphasises that this is not security-critical information. In fact, it's rather reassuring to see that they don't believe in security by obscurity.

A felony?

It's not that simple

On these particular pages, submitting a CSR probably won't do you much good anyway. This is Verisign's "Managed PKI": requests submitted in this manner need to be approved by the organisation's certificate administrator, and even that worthy fellow is required to have a Verisign-supplied SSL client certificate in his browser to get access to the approvals web form. If said individual is snowed under and/or doesn't keep good track of requests, you might get somewhere. Personally, I doubt it.

I'm not sure what'd happen if you tried to revoke an existing certificate, however. Have not done that yet.